Test ID:	1.3.6.1.4.1.25623.1.0.800127
Category:	Gain a shell remotely
Title:	Sun Java Web Start Remote Command Execution Vulnerability - Linux
Summary:	Sun Java Web Start is prone to a remote command execution (RCE) vulnerability.
Description:	Summary: Sun Java Web Start is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: The flaw exists due to weakness in the BasicService showDocument method which does not validate the inputs appropriately. This can be exploited using a specially crafted Java Web Start application via file:\\ URL argument to the showDocument method. Vulnerability Impact: Successful exploitation allows remote code execution on the client machines. Affected Software/OS: Sun J2SE 6.0 Update 10 and earlier. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4910 BugTraq ID: 31916 http://www.securityfocus.com/bid/31916 Bugtraq: 20081025 Java Web start vulnerability (Google Search) http://www.securityfocus.com/archive/1/497799/100/0/threaded Bugtraq: 20081031 Re: Java Web start vulnerability (Google Search) http://www.securityfocus.com/archive/1/497972/100/0/threaded http://securityreason.com/securityalert/4542 XForce ISS Database: sun-jws-showdocument-command-execution(46119) https://exchange.xforce.ibmcloud.com/vulnerabilities/46119
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.